1. Technical Field
The present disclosure generally relates to radiofrequency identification technology, also known as RFID, and more particularly, to systems, apparatus, and related methods for the secure authentication of RFID tags that do not require the use of read-write memory of the tag.
2. Background of Related Art
RFID is a method for automatic identification which uses radiofrequency (RF) signals. A device known as an RFID interrogator wirelessly reads, and optionally, writes, data stored in a transponder known as an RFID tag that is physically attached to an article, such as a product, packaging, or shipping container. Typically, an RFID tag consists of two main components: an integrated circuit (IC) for storing and processing data and for modulating and demodulating the RF signal, and an antenna coupled to the chip that enables the chip to exchange data between the tag and interrogator. An RFID tag can be read-only, wherein the IC contains unalterable data, such as a unique identification code indelibly encoded by the tag manufacturer which is used to uniquely identify the tag. Alternatively, an RFID tag can be read-write, wherein the stored data can be changed or deleted. Typically, however, a read-write RFID tag will also contain read-only data, such as an indelible unique identification code, so that individual tags can be uniquely identified. Certain types or models of read-write RFID tags—herein called secure RFID tags—provide security or protection features or mechanisms, such that reading and/or writing of the tag is controlled and conditioned upon successful communication of one or more passwords. In these secure RFID tags, a password is stored in write-only storage; that is, a password can be set or changed by a write operation, but cannot be revealed by any read operation. In order for an interrogator to gain access to data in the secure RFID tag, any read or write operations must be preceded by a password operation, in which the tag compares the interrogator's offered password to the tag's stored password. The secure RFID tag normally indicates success or failure of password comparison in its response to the password operation. 
Successful matching of passwords will temporarily enable subsequent read or write operations, until the tag is reset, either deliberately by the interrogator (at the end of operations), or incidentally by loss of power when a passive tag is removed from the vicinity of the interrogator.
RFID tags are characterized as being active or passive. Active RFID tags contain a power source, such as a battery, whereas passive RFID tags are powered by energy derived from the RF interrogation signal. As a result, a passive RFID tag typically has relatively modest processing and memory capabilities. Generally, but not exclusively, active RFID tags are used in heavy industrial, municipal, and military applications, while passive RFID tags are used in smaller devices such as tools, electronic devices and components, credit/debit cards, and the like. Active RFID tags may offer increased range over passive style tags.
An RFID tag may be employed for a variety of purposes. One such purpose is to authenticate an accessory device (e.g., a surgical instrument) to determine whether the accessory device is suitable for use with a main device (e.g., an electrosurgical or microwave generator). Authentication is prepared or provisioned by generating and storing—or “programming”—a secret piece of information in the tag which is attached or affixed to the accessory device. This secret, called an “authentication signature,” is intended to be known or determinable only by the programmer of the RFID tag and by the manufacturer, vendor, or owner of the main and accessory devices to be authenticated. In subsequent usage intended to be protected by authentication, the authentication signature must be communicated between the interrogator and the secure RFID tag for comparison. It is assumed that these secure RFID tags cannot perform encryption or decryption, and therefore the authentication signature must be exposed by RF communication in plaintext during authentication events. Thus an adversary may attempt to discover authentication signatures with readily available apparatus, such as RFID interrogators and RF signal capture or recording devices (“sniffers”).
If the authentication signature were a simple secret (key or password) shared in common by all instances of accessory devices within a population of devices, any discovery by an adversary—no matter by what means—of one authentication signature would break authentication for an unlimited number of accessory devices.
In prior-art systems, the authentication signature is stored in a known location in read-write memory in the RFID tag. In these systems, a main device seeking to authenticate an accessory will read the unique identification code (UID) from the RFID tag associated with the accessory, and compute an authentication signature from it, using the same calculation and the same secret key that presumably were used to program the tag initially. The stored authentication signature is then read from the RFID tag of the accessory and compared to the calculated authentication signature. If a match is confirmed, the accessory is judged to be authentic.
Such prior-art systems have disadvantages: they consume read-write memory, which is a scarce resource in an RFID tag, and RFID read-write memory may be accessible to any party in possession of an easily obtainable RFID interrogator, so that the authentication signature for a given RFID chip may be readily readable. Another disadvantage of such readability is that an adversary who can read some number of authentication signatures may be able to deduce or derive the pattern or rule of diversification for a large population of accessory devices, and thus defeat the authentication system.
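The prior-art check and the shared-secret case described above can be modeled in a few lines; this is an added illustration and not part of the disclosure. HMAC-SHA256 as the calculation, the 8-byte signature length, the key, and the UIDs are assumptions constructed for the example.

```python
import hashlib
import hmac

SIG_LEN = 8  # assumed signature size in bytes; the page gives none


def derive_signature(secret_key: bytes, uid: bytes) -> bytes:
    # Assumed diversification: HMAC-SHA256 over the UID, truncated.
    return hmac.new(secret_key, uid, hashlib.sha256).digest()[:SIG_LEN]


class PriorArtTag:
    """Tag model: indelible UID plus read-write memory readable by anyone."""
    def __init__(self, uid: bytes):
        self._uid = uid
        self.memory = bytes(SIG_LEN)
    def read_uid(self) -> bytes:
        return self._uid
    def read_memory(self) -> bytes:  # no password operation required
        return self.memory
    def write_memory(self, data: bytes) -> None:
        self.memory = data


def program_tag(tag: PriorArtTag, secret_key: bytes) -> None:
    tag.write_memory(derive_signature(secret_key, tag.read_uid()))


def authenticate(tag: PriorArtTag, secret_key: bytes) -> bool:
    # Main device: read UID, recompute, read stored value, compare.
    expected = derive_signature(secret_key, tag.read_uid())
    return hmac.compare_digest(expected, tag.read_memory())


def authenticate_shared(tag: PriorArtTag, shared_signature: bytes) -> bool:
    # Simple shared-secret scheme: one value for the whole population.
    return hmac.compare_digest(shared_signature, tag.read_memory())


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    tag_a = PriorArtTag(bytes.fromhex("e004010012345678"))  # constructed UIDs
    tag_b = PriorArtTag(bytes.fromhex("e004010087654321"))
    program_tag(tag_a, key)
    genuine, blank = authenticate(tag_a, key), authenticate(tag_b, key)
    # Value disclosed by tag A's open memory, stored under a different UID.
    tag_b.write_memory(tag_a.read_memory())
    return {
        "genuine": genuine,
        "blank": blank,
        "diversified_accepts_other_uid": authenticate(tag_b, key),
        "shared_accepts_other_uid": authenticate_shared(tag_b, tag_a.read_memory()),
    }
```

The last two results show the difference the text draws: a UID-diversified signature that is disclosed validates only under its own UID, whereas a value shared by the population validates on any tag.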